Mitigate Medicare Risk with Audit Insurance

Health care providers can mitigate the risks of audits by purchasing insurance. But there are many types of insurance to choose from, and what is covered varies widely from one policy to another. Understanding a few of the basics will help a provider be a smarter consumer.

First, we will examine the threat, then look at ways to mitigate risk. Finally, we will examine a few channels available to purchase what is needed.

In general, there are three categories of threat challenging a health care provider. The first is a traditional RAC-type audit; the second is the secondary threat of regulatory actions; the third is the possibility of class action suits that might be filed seeking gigantic damages.

Readers of RACmonitor are most familiar with an audit of claims by a RAC, ZPIC or CMIP or other authorized auditor. It starts with an innocent request to review a few claims, then eventually turns into a sample then statistical extrapolation demanding repayment of usually large sums of money. In order to handle this challenge, the provider must hire legal counsel, and a number of experts in statistical and claims analysis to develop a defense. this type of audit is increasing rapidly, so the chances of being audited is skyrocketing.

Regulatory actions pose a second and even more grave threat. The Office of the Inspector General (OIG) can follow up a RAC audit with a Civil Monetary Penalties Law (CMPL) (42 USC Sec. 13201-7) action that can be up to $5,000 per improper claim. But for health care providers, actually there is a vast regulatory shadow. Other regulatory actions can come from the Health Information and Technology for Economic and Clinical Health Act (HITECH) (Title XIII of Pub.L. 111-5)* which governs your handling of Electronic Health Records (EHR); the U.S Office of Civil Rights (OCR) who is focuses on how you handle personal data; the False Claims Act (FCA) (31 USA Sec. 3729-33; 18 USC Sec. 287); The Anti-Kickback Statute (AKS) (42 USC 1320A-7b(b)); the Physician Self-Referral Law (Stark Law) (42 USC Sec. 1395nn); the Criminal Health Care Fraud Statute (18 USC Sec. 1347); and of course the Health Insurance Portability and Accountability Act (HIPAA) (Pub.L. 104-191; 110 Stat. 1936) which is comprehensive but is generally associated with privacy of patient medical records. HIPAA is supplemented by a number of state privacy laws that may be triggered simultaneously, leading to a “double” investigation.

NOTE
(*) The HITECH act is Title XIII of Pub.L. 111-5 which was titled the “American Recovery and Reinvestment Act of 2009”.